commit 0dc61e472569aaeccbb047e8338c57483a424488
author Kirill Mashchenko <kmashchenko@mirantis.com> Fri Jan 11 03:53:56 2019 +0400
committer Kirill Mashchenko <kmashchenko@mirantis.com> Fri Jan 11 03:53:56 2019 +0400
tree 2cb06dc5075a622ffe85aa14fc9f3cb86f5eaa0e
parent 8ab34fdc51526904f43a1e9ef6a43462558602c3

Restrict access to aptly-promote-pipeline to release-engineering and
aptly-promote-users teams.

Related PROD: https://mirantis.jira.com/browse/PROD-25213

Change-Id: Idee98df03855b9bc9038f8a259fa63a69db4fec2

aptly-promote-pipeline.groovy

diff --git a/aptly-promote-pipeline.groovy b/aptly-promote-pipeline.groovy
index 7c7f492..6be2794 100644
--- a/aptly-promote-pipeline.groovy
+++ b/aptly-promote-pipeline.groovy
@@ -28,6 +28,13 @@
 timeout(time: 12, unit: 'HOURS') {
     node("docker&&hardware") {
         try {
+            if ("testing" in TARGET && !jenkinsUtils.currentUserInGroup(["release-engineering", "aptly-promote-users"])) {
+                insufficientPermissions = true
+                throw new Exception("Only release-engineering or aptly-promote-users can perform promote to testing.")
+            } else if (!jenkinsUtils.currentUserInGroup(["release-engineering"])) {
+                insufficientPermissions = true
+                throw new Exception("Only release-engineering team can perform promote.")
+            }
             stage("promote") {
                 // promote is restricted to users in aptly-promote-users LDAP group
                 if(jenkinsUtils.currentUserInGroups(["mcp-cicd-admins", "release-engineering", "opencontrail-all"])){